Skip to content

The 'Access-Control-Allow-Origin' header has a value #7571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dinhnghia opened this issue Sep 1, 2017 · 13 comments
Closed

The 'Access-Control-Allow-Origin' header has a value #7571

dinhnghia opened this issue Sep 1, 2017 · 13 comments

Comments

@dinhnghia
Copy link

XMLHttpRequest cannot load http://api.nhamoigioi.xyz/locations/districts. The 'Access-Control-Allow-Origin' header has a value 'http://localhost:4200' that is not equal to the supplied origin. Origin 'http://gh.nhamoigioi.xyz' is therefore not allowed access.
@dinhnghia
Copy link
Author

screen shot 2017-09-01 at 17 38 10

@grizzm0
Copy link
Contributor

grizzm0 commented Sep 2, 2017

This is not related to AngularCLI. This is simply CORS built straight into your browser.

The error is telling you that your server is setup to allow "http://localhost:4200" (Access-Control-Allow-Origin is part of the response, not request). gh.nhamoigioi.xyz is therefore not allowed to access the server. You need to allow gh.nhamoigioi.xyz instead of localhost:4200 on the server side.

@ChaosJiang
Copy link

#2872 canbe help for your problem

@filipesilva
Copy link
Contributor

Closing as answered by @grizzm0. ng serve itself doesn't suffer from this problem, this is a configuration issue with @dinhnghia's production server.

@shibhe
Copy link

shibhe commented Oct 27, 2017

Hi.

If you're using php as your server side, include the lines below in your .php file. it worked for me

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');

@dinhnghia
Copy link
Author

dinhnghia commented Oct 29, 2017 via email

@fndchagas
Copy link

thank you. but i using nodejs.
i'm success

how did you solve this?

@shibhe
Copy link

shibhe commented Jan 9, 2018

How did you solve this using Node.js?

@mohd7469
Copy link

mohd7469 commented Feb 17, 2018
edited
Loading

Try adding the following middleware to your NodeJS/Express app (I have added some comments for your convenience)
Add headers

app.use(function (req, res, next) {

// Website you wish to allow to connect
res.setHeader('Access-Control-Allow-Origin', 'http://localhost:8888');

// Request methods you wish to allow
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

// Request headers you wish to allow
res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');

// Set to true if you need the website to include cookies in the requests sent
// to the API (e.g. in case you use sessions)
res.setHeader('Access-Control-Allow-Credentials', true);

// Pass to next layer of middleware
next();

});
Hope that helps!

In case you prefer something shorter, you may use a plugin called cors available for Express.js
It's simple to use, for this particular case:

var cors = require('cors');

// use it before all route definitions
app.use(cors({origin: 'http://localhost:8888'}));

@DeepikaChalana
Copy link

hello
im using angular 5 asp.net core 2.0
he error is telling you that your server is setup to allow "http://localhost:4200" (Access-Control-Allow-Origin is part of the response, not request). gh.nhamoigioi.xyz is therefore not allowed to access the server. You need to allow gh.nhamoigioi.xyz instead of localhost:4200 on the server side.

@nagipogu
Copy link

can you explain what is the issue::
Failed to load http://159.89.4.213:9000/admin/country/v1/:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:4200' is therefore not allowed access.

@grizzm0
Copy link
Contributor

grizzm0 commented Apr 24, 2019

@nagipogu

The browser does a preflight OPTIONS request to the server to make sure it's allowed to fetch the data. Read more about CORS.

The server at 159.89.4.213 needs to set the following header Access-Control-Allow-Origin: http://localhost:4200.

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Sep 9, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@grizzm0 @filipesilva @fndchagas @ChaosJiang @mohd7469 @dinhnghia @DeepikaChalana @nagipogu @shibhe